Failed to create the pair: Unknown attribute Max-All-Session
Hello guys This is my first post. I hope i can explain my problem. I have a FreeRADIUS Version 2.1.12 with mysql db I have a hotspot with coova chilli devices like Access point (open-mesh with cloud controller cloudtrax), everything Works fine except with the attribute" Max-All-Session" in the radcheck table, when i put this attribute the users can't authenticate, if i delete this attribute users can authenticate. I need limit a user access period for 1 day ,1 hour or 1 week from his first time he login using a prepaid card. This user never has been authenticated, so he haven't registry in the radacct table Id username attribute op value 2262 a1z5 Auth-Type := Accept 2263 a1z5 Simultaneous-Use := 1 2264 a1z5 Max-All-Session := 3600 Even if i use other attribute like: Expiration it works with out problem. Id username attribute op value 5 42h7 Auth-Type := Accept 1017 42h7 Expiration == May 8 2014 11:56:01 1018 42h7 Simultaneous-Use := 1 In my debug i see this error, i hope you can help me. rlm_sql: Failed to create the pair: Unknown attribute "Max-All-Session" requires a hex string, not "3600" rlm_sql (sql): Error getting data from database [sql] SQL query error; rejecting user rlm_sql (sql): Released sql socket id: 11 ++[sql] returns fail Using Post-Auth-Type Reject # Executing group from file /etc/freeradius/sites-enabled/default +- entering group REJECT {...} Ready to process requests. rad_recv: Access-Request packet from host 192.16.1.6 port 57160, id=68, length=301 ChilliSpot-Version = "1.2.8" User-Name = "a1z5" CHAP-Challenge = 0x29e1cac347609050f7fd312c10cbd7e0 CHAP-Password = 0x0052b8ddaf303a9513c3ed41b81e0bf852 Service-Type = Login-User Acct-Session-Id = "552d462f00000002" Framed-IP-Address = 10.255.216.9 NAS-Port-Type = Wireless-802.11 NAS-Port = 2 NAS-Port-Id = "00000002" Calling-Station-Id = "40-0E-85-30-B9-03" Called-Station-Id = "AC-86-74-1D-9B-F0" NAS-IP-Address = 10.255.216.1 NAS-Identifier = "AP2" WISPr-Location-ID = "isocc=,cc=,ac=,network=Coova,Wicoin_Test" WISPr-Location-Name = "Wicoin_Test" WISPr-Logoff-URL = "http://10.255.216.1:3990/logoff" Message-Authenticator = 0x979323917417ff7a0c783751a8ff8223 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++- entering policy filter_username {...} +++? if (User-Name =~ /^ /) ? Evaluating (User-Name =~ /^ /) -> FALSE +++? if (User-Name =~ /^ /) -> FALSE +++? if (User-Name =~ / $$/) ? Evaluating (User-Name =~ / $$/) -> FALSE +++? if (User-Name =~ / $$/) -> FALSE +++? if (User-Name != "%{tolower:%{User-Name}}") expand: %{User-Name} -> a1z5 expand: %{tolower:%{User-Name}} -> a1z5 ? Evaluating (User-Name != "%{tolower:%{User-Name}}") -> FALSE +++? if (User-Name != "%{tolower:%{User-Name}}") -> FALSE ++- policy filter_username returns notfound [preprocess] returns ok [chap] Setting 'Auth-Type := CHAP' ++[chap] returns ok ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "a1z5", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop [sql] expand: %{User-Name} -> a1z5 [sql] sql_set_user escaped user --> 'a1z5' rlm_sql (sql): Reserving sql socket id: 11 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'a1z5' ORDER BY id rlm_sql: Failed to create the pair: Unknown attribute "Max-All-Session" requires a hex string, not "3600" rlm_sql (sql): Error getting data from database [sql] SQL query error; rejecting user rlm_sql (sql): Released sql socket id: 11 ++[sql] returns fail Using Post-Auth-Type Reject # Executing group from file /etc/freeradius/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> a1z5 attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 2 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 2 Sending Access-Reject of id 68 to 192.16.1.6 port 57160 Waking up in 4.9 seconds. Cleaning up request 2 ID 68 with timestamp +57 Ready to process requests. Saludos Cordiales, Sergio Diaz
Check the docs eg http://wiki.freeradius.org/modules/Rlm_sqlcounter And compare them to what you've got. However the error message makes me think that someone's edited or altered your dictionary files - go check the default 2.1.12 dictionaries and compare them to yours alan
On Apr 14, 2015, at 4:20 PM, Sergio Diaz <sdiazf@logitel.com.mx> wrote:
I have a FreeRADIUS Version 2.1.12 with mysql db
I have a hotspot with coova chilli devices like Access point (open-mesh with cloud controller cloudtrax), everything Works fine except with the attribute" Max-All-Session" in the radcheck table, when i put this attribute the users can't authenticate, if i delete this attribute users can authenticate. I need limit a user access period for 1 day ,1 hour or 1 week from his first time he login using a prepaid card.
That should be simple.
This user never has been authenticated, so he haven't registry in the radacct table
Id username attribute op value 2262 a1z5 Auth-Type := Accept 2263 a1z5 Simultaneous-Use := 1 2264 a1z5 Max-All-Session := 3600
OK...
Even if i use other attribute like: Expiration it works with out problem.
Yes, because Expiration is managed by the rlm_expiration module.
rlm_sql: Failed to create the pair: Unknown attribute "Max-All-Session" requires a hex string, not "3600"
You read the documentation saying to use "Max-All-Session". That's good. You didn't read the documentation saying that the attribute is managed by the sqlcounter module. Configure the sqlcounter module. It will define the Max-All-Session attribute for you. And, do the session counting that you're looking for. The base SQL module just looks up data in SQL. It doesn't do anything more than that. Alan DeKok.
Thanks for your answer, This is my configuration: /etc/freeradius/sql/mysql/counter.conf sqlcounter noresetcounter { counter-name = Max-All-Session-Time check-name = Max-All-Session sqlmod-inst = sql key = User-Name reset = never query = "SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='%{%k}'" } In the file: /etc/freeradius/radiusd.conf i have $INCLUDE sql.conf # # This module is an SQL enabled version of the counter module. # # Rather than maintaining seperate (GDBM) databases of # accounting info for each counter, this module uses the data # stored in the raddacct table by the sql modules. This # module NEVER does any database INSERTs or UPDATEs. It is # totally dependent on the SQL module to process Accounting # packets. # $INCLUDE sql/mysql/counter.conf Already i did a restart of the freeradius Service, but not work. I dont know why? Saludos Cordiales, Sergio Diaz Infraestructura TI 01(55) 5265.0145 (044) 55.28.99.95.71 sdiazf@logitel.com.mx www.logitel.com.mx -----Mensaje original----- De: Freeradius-Users [mailto:freeradius-users-bounces+sdiazf=logitel.com.mx@lists.freeradius.org] En nombre de Alan DeKok Enviado el: martes, 14 de abril de 2015 04:23 p. m. Para: FreeRadius users mailing list Asunto: Re: Failed to create the pair: Unknown attribute Max-All-Session On Apr 14, 2015, at 4:20 PM, Sergio Diaz <sdiazf@logitel.com.mx> wrote:
I have a FreeRADIUS Version 2.1.12 with mysql db
I have a hotspot with coova chilli devices like Access point (open-mesh with cloud controller cloudtrax), everything Works fine except with the attribute" Max-All-Session" in the radcheck table, when i put this attribute the users can't authenticate, if i delete this attribute users can authenticate. I need limit a user access period for 1 day ,1 hour or 1 week from his first time he login using a prepaid card.
That should be simple.
This user never has been authenticated, so he haven't registry in the radacct table
Id username attribute op value 2262 a1z5 Auth-Type := Accept 2263 a1z5 Simultaneous-Use := 1 2264 a1z5 Max-All-Session := 3600
OK...
Even if i use other attribute like: Expiration it works with out problem.
Yes, because Expiration is managed by the rlm_expiration module.
rlm_sql: Failed to create the pair: Unknown attribute "Max-All-Session" requires a hex string, not "3600"
You read the documentation saying to use "Max-All-Session". That's good. You didn't read the documentation saying that the attribute is managed by the sqlcounter module. Configure the sqlcounter module. It will define the Max-All-Session attribute for you. And, do the session counting that you're looking for. The base SQL module just looks up data in SQL. It doesn't do anything more than that. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello Alan I reviewed the configuration files and looks fine, any idea ? Saludos Cordiales, Sergio Diaz Infraestructura TI 01(55) 5265.0145 (044) 55.28.99.95.71 sdiazf@logitel.com.mx www.logitel.com.mx -----Mensaje original----- De: Sergio Diaz Enviado el: martes, 14 de abril de 2015 06:38 p. m. Para: FreeRadius users mailing list Asunto: RE: Failed to create the pair: Unknown attribute Max-All-Session Thanks for your answer, This is my configuration: /etc/freeradius/sql/mysql/counter.conf sqlcounter noresetcounter { counter-name = Max-All-Session-Time check-name = Max-All-Session sqlmod-inst = sql key = User-Name reset = never query = "SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='%{%k}'" } In the file: /etc/freeradius/radiusd.conf i have $INCLUDE sql.conf # # This module is an SQL enabled version of the counter module. # # Rather than maintaining seperate (GDBM) databases of # accounting info for each counter, this module uses the data # stored in the raddacct table by the sql modules. This # module NEVER does any database INSERTs or UPDATEs. It is # totally dependent on the SQL module to process Accounting # packets. # $INCLUDE sql/mysql/counter.conf Already i did a restart of the freeradius Service, but not work. I dont know why? Saludos Cordiales, Sergio Diaz Infraestructura TI 01(55) 5265.0145 (044) 55.28.99.95.71 sdiazf@logitel.com.mx www.logitel.com.mx -----Mensaje original----- De: Freeradius-Users [mailto:freeradius-users-bounces+sdiazf=logitel.com.mx@lists.freeradius.org] En nombre de Alan DeKok Enviado el: martes, 14 de abril de 2015 04:23 p. m. Para: FreeRadius users mailing list Asunto: Re: Failed to create the pair: Unknown attribute Max-All-Session On Apr 14, 2015, at 4:20 PM, Sergio Diaz <sdiazf@logitel.com.mx> wrote:
I have a FreeRADIUS Version 2.1.12 with mysql db
I have a hotspot with coova chilli devices like Access point (open-mesh with cloud controller cloudtrax), everything Works fine except with the attribute" Max-All-Session" in the radcheck table, when i put this attribute the users can't authenticate, if i delete this attribute users can authenticate. I need limit a user access period for 1 day ,1 hour or 1 week from his first time he login using a prepaid card.
That should be simple.
This user never has been authenticated, so he haven't registry in the radacct table
Id username attribute op value 2262 a1z5 Auth-Type := Accept 2263 a1z5 Simultaneous-Use := 1 2264 a1z5 Max-All-Session := 3600
OK...
Even if i use other attribute like: Expiration it works with out problem.
Yes, because Expiration is managed by the rlm_expiration module.
rlm_sql: Failed to create the pair: Unknown attribute "Max-All-Session" requires a hex string, not "3600"
You read the documentation saying to use "Max-All-Session". That's good. You didn't read the documentation saying that the attribute is managed by the sqlcounter module. Configure the sqlcounter module. It will define the Max-All-Session attribute for you. And, do the session counting that you're looking for. The base SQL module just looks up data in SQL. It doesn't do anything more than that. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
In this file: /etc/freeradius/sites-enabled/default ? When a i put "noresetcounter" in this sections , save and restar the freeradius Service, but the Service failed to start. If i undo the changes the Service start without problem. # See "Authorization Queries" in sql.conf # sql # # If you are using /etc/smbpasswd, and are also doing # mschap authentication, the un-comment this line, and # configure the 'etc_smbpasswd' module, above. # etc_smbpasswd # # The ldap module will set Auth-Type to LDAP if it has not # already been set # ldap # # Enforce daily limits on time spent logged in. # daily # # Use the checkval module # checkval expiration logintime noresetcounter accounting { # # Create a 'detail'ed log of the packets. # Note that accounting requests which are proxied # are also logged in the detail file. detail # daily noresetcounter Saludos Cordiales, Sergio Diaz Infraestructura TI 01(55) 5265.0145 (044) 55.28.99.95.71 sdiazf@logitel.com.mx www.logitel.com.mx -----Mensaje original----- De: Freeradius-Users [mailto:freeradius-users-bounces+sdiazf=logitel.com.mx@lists.freeradius.org] En nombre de Alan DeKok Enviado el: miércoles, 15 de abril de 2015 10:12 a. m. Para: FreeRadius users mailing list Asunto: Re: Failed to create the pair: Unknown attribute Max-All-Session On Apr 15, 2015, at 10:55 AM, Sergio Diaz <sdiazf@logitel.com.mx> wrote:
I reviewed the configuration files and looks fine, any idea ?
Did you configure the server to *use* the module? i.e. list "noresetcounter" in the "accounting" and "authorize" sections? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanx Alan It Works!!! Only add "noresetcounter" in this section: # Use the checkval module # checkval expiration logintime noresetcounter # Saludos Cordiales, Sergio Diaz Infraestructura TI 01(55) 5265.0145 (044) 55.28.99.95.71 sdiazf@logitel.com.mx www.logitel.com.mx -----Mensaje original----- De: Freeradius-Users [mailto:freeradius-users-bounces+sdiazf=logitel.com.mx@lists.freeradius.org] En nombre de Alan DeKok Enviado el: miércoles, 15 de abril de 2015 12:04 p. m. Para: FreeRadius users mailing list Asunto: Re: Failed to create the pair: Unknown attribute Max-All-Session On Apr 15, 2015, at 12:12 PM, Sergio Diaz <sdiazf@logitel.com.mx> wrote:
In this file: /etc/freeradius/sites-enabled/default ?
Yes. It should only go in the "authorize" section. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (3)
-
Alan Buxey -
Alan DeKok -
Sergio Diaz